CXF-5248: Signed SAML assertion validation error w/ SupportingTokens only policy

    Description

      I have an endpoint whose WSDL has the following policy:

      <wsp:Policy wsu:Id="MyPolicy">
        <wsp:ExactlyOne>
          <wsp:All>
            <sp:SupportingTokens>
              <wsp:Policy>
                <sp:SamlToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
                  <wsp:Policy>
                    <sp:WssSamlV20Token11/>
                  </wsp:Policy>
                </sp:SamlToken>
              </wsp:Policy>
            </sp:SupportingTokens>
          </wsp:All>
        </wsp:ExactlyOne>
      </wsp:Policy>

      I've configured the client so that the provided SAML2 assertion is self-signed.

      The SamlTokenInterceptor deals with the request on the server side; a RequestData instance is built up in 'processToken(Element tokenElement, final SoapMessage message)', but no signature crypto is configured in it. As a consequence, the validation later fails in SignatureTrustValidator#validate(..) because no crypto can be retrieved.

      I assume the security configuration from the incoming message should be propagated to the RequestData instance constructed in the interceptor.
      I'm attaching a patch (against the 2.7 branch) that solves my specific failure, but I'm not sure if other props should be propagated too.
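As an added example (not the reporter's attached patch and not CXF's own code), one way to propagate the endpoint's signature crypto into the RequestData built by a server-side token interceptor, using WSS4J 1.6 / CXF 2.7 class names. The property lookup order and the reliance on RequestData#setSigCrypto being the field the trust validator reads are assumptions.

```java
import java.util.Properties;

import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.ws.security.SecurityConstants;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.components.crypto.CryptoFactory;
import org.apache.ws.security.handler.RequestData;

/**
 * Illustration (not the patch attached to this issue): hand the endpoint's
 * signature Crypto to the RequestData a server-side token interceptor builds,
 * so SignatureTrustValidator#validate has a trust store to check against.
 */
public final class SignatureCryptoPropagation {

    /**
     * Resolves the signature Crypto configured on the endpoint. The lookup
     * order is an assumption modelled on CXF's WSS4J interceptors: an explicit
     * ws-security.signature.crypto object first, then the
     * ws-security.signature.properties value (a Properties instance or the
     * name of a properties file on the classpath). Returns null if unset.
     */
    static Crypto resolveSignatureCrypto(SoapMessage message) throws WSSecurityException {
        Object crypto = message.getContextualProperty(SecurityConstants.SIGNATURE_CRYPTO);
        if (crypto instanceof Crypto) {
            return (Crypto) crypto;
        }
        Object props = message.getContextualProperty(SecurityConstants.SIGNATURE_PROPERTIES);
        if (props instanceof Properties) {
            return CryptoFactory.getInstance((Properties) props);
        }
        if (props instanceof String) {
            return CryptoFactory.getInstance((String) props);
        }
        return null;
    }

    /**
     * Call this right after the interceptor creates its RequestData. Without it
     * RequestData#getSigCrypto() stays null, which is what the trust validator
     * rejects when it verifies the signature on the SAML assertion.
     */
    static void propagateSignatureCrypto(SoapMessage message, RequestData data)
        throws WSSecurityException {
        Crypto crypto = resolveSignatureCrypto(message);
        if (crypto != null) {
            data.setSigCrypto(crypto);
        }
    }
}
```

When neither property is set the RequestData is left untouched, so the original "no crypto" failure still surfaces rather than being masked.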

      Attachments

        1. CXF-5248.txt (0.8 kB, Alessio Soldano)

          People

            coheigea Colm O hEigeartaigh
            asoldano Alessio Soldano
            Votes: 0
            Watchers: 1
